Add Resource v1 SCC Findings Export to BQ Organization Config (GoogleCloudPlatform#11582)

vijaykanthm · Philip Jonany · commit c2a98beeed42 · 2024-11-04T20:51:02.000Z
diff --git a/mmv1/products/securitycenter/OrganizationSccBigQueryExport.yaml b/mmv1/products/securitycenter/OrganizationSccBigQueryExport.yaml
@@ -0,0 +1,135 @@
+# Copyright 2024 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+--- !ruby/object:Api::Resource
+name: 'OrganizationSccBigQueryExport'
+base_url: organizations/{{organization}}/bigQueryExports
+self_link: organizations/{{organization}}/bigQueryExports/{{big_query_export_id}}
+create_url: organizations/{{organization}}/bigQueryExports?bigQueryExportId={{big_query_export_id}}
+update_verb: :PATCH
+update_mask: true
+import_format:
+  - 'organizations/{{organization}}/bigQueryExports/{{big_query_export_id}}'
+description: |
+  A Cloud Security Command Center (Cloud SCC) Big Query Export Config.
+  It represents exporting Security Command Center data, including assets, findings, and security marks
+  using gcloud scc bqexports
+  ~> **Note:** In order to use Cloud SCC resources, your organization must be enrolled
+  in [SCC Standard/Premium](https://cloud.google.com/security-command-center/docs/quickstart-security-command-center).
+  Without doing so, you may run into errors during resource creation.
+references: !ruby/object:Api::Resource::ReferenceLinks
+  guides:
+    'Official Documentation': 'https://cloud.google.com/security-command-center/docs/how-to-analyze-findings-in-big-query'
+  api: 'https://cloud.google.com/security-command-center/docs/reference/rest/v1/organizations.bigQueryExports'
+examples:
+  - !ruby/object:Provider::Terraform::Examples
+    name: 'scc_organization_big_query_export_config_basic'
+    primary_resource_id: 'custom_big_query_export_config'
+    external_providers: ["random", "time"]
+    skip_test: true
+    vars:
+      big_query_export_id: 'my-export'
+      dataset: 'my-dataset'
+      name: 'my-export'
+    test_env_vars:
+      org_id: :ORG_ID
+      project: :PROJECT_NAME
+parameters:
+  - !ruby/object:Api::Type::String
+    name: organization
+    required: true
+    immutable: true
+    url_param_only: true
+    description: |
+      The organization whose Cloud Security Command Center the Big Query Export
+      Config lives in.
+  - !ruby/object:Api::Type::String
+    name: bigQueryExportId
+    required: true
+    immutable: true
+    url_param_only: true
+    description: |
+      This must be unique within the organization.
+properties:
+  - !ruby/object:Api::Type::String
+    name: name
+    output: true
+    description: |
+      The resource name of this export, in the format
+      `organizations/{{organization}}/bigQueryExports/{{big_query_export_id}}`.
+      This field is provided in responses, and is ignored when provided in create requests.
+  - !ruby/object:Api::Type::String
+    name: description
+    description: |
+      The description of the notification config (max of 1024 characters).
+    validation: !ruby/object:Provider::Terraform::Validation
+      function: 'validation.StringLenBetween(0, 1024)'
+  - !ruby/object:Api::Type::String
+    name: dataset
+    description: |
+      The dataset to write findings' updates to.
+      Its format is "projects/[projectId]/datasets/[bigquery_dataset_id]".
+      BigQuery Dataset unique ID must contain only letters (a-z, A-Z), numbers (0-9), or underscores (_).
+  - !ruby/object:Api::Type::String
+    name: createTime
+    output: true
+    description: |
+      The time at which the BigQuery export was created. This field is set by the server and will be ignored if provided on export on creation.
+      A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits.
+      Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
+  - !ruby/object:Api::Type::String
+    name: updateTime
+    output: true
+    description: |
+      The most recent time at which the BigQuery export was updated. This field is set by the server and will be ignored if provided on export creation or update.
+      A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits.
+      Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
+  - !ruby/object:Api::Type::String
+    name: mostRecentEditor
+    output: true
+    description: |
+      Email address of the user who last edited the BigQuery export.
+      This field is set by the server and will be ignored if provided on export creation or update.
+  - !ruby/object:Api::Type::String
+    name: principal
+    output: true
+    description: |
+      The service account that needs permission to create table and upload data to the BigQuery dataset.
+  - !ruby/object:Api::Type::String
+    name: filter
+    description: |
+      Expression that defines the filter to apply across create/update
+      events of findings. The
+      expression is a list of zero or more restrictions combined via
+      logical operators AND and OR. Parentheses are supported, and OR
+      has higher precedence than AND.
+
+      Restrictions have the form <field> <operator> <value> and may have
+      a - character in front of them to indicate negation. The fields
+      map to those defined in the corresponding resource.
+
+      The supported operators are:
+
+      * = for all value types.
+      * \>, <, >=, <= for integer values.
+      * :, meaning substring matching, for strings.
+
+      The supported value types are:
+
+      * string literals in quotes.
+      * integer literals without quotes.
+      * boolean literals true and false without quotes.
+
+      See
+      [Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications)
+      for information on how to write a filter.
diff --git a/mmv1/templates/terraform/examples/scc_organization_big_query_export_config_basic.tf.erb b/mmv1/templates/terraform/examples/scc_organization_big_query_export_config_basic.tf.erb
@@ -0,0 +1,25 @@
+resource "google_bigquery_dataset" "default" {
+  dataset_id                  = "<%= ctx[:vars]['dataset_id'] %>"
+  friendly_name               = "test"
+  description                 = "This is a test description"
+  location                    = "US"
+  default_table_expiration_ms = 3600000
+  default_partition_expiration_ms = null
+
+  labels = {
+    env = "default"
+  }
+
+  lifecycle {
+    ignore_changes = [default_partition_expiration_ms]
+  }
+}
+
+resource "google_scc_organization_scc_big_query_export" "<%= ctx[:primary_resource_id] %>" {
+  name         = "<%= ctx[:vars]['name'] %>"
+  big_query_export_id    = "<%= ctx[:vars]['big_query_export_id'] %>"
+  organization = "<%= ctx[:test_env_vars]['org_id'] %>"
+  dataset      = google_bigquery_dataset.default.id
+  description  = "Cloud Security Command Center Findings Big Query Export Config"
+  filter       = "state=\"ACTIVE\" AND NOT mute=\"MUTED\""
+}
diff --git a/mmv1/third_party/terraform/services/securitycenter/resource_scc_organization_big_query_export_config_test.go b/mmv1/third_party/terraform/services/securitycenter/resource_scc_organization_big_query_export_config_test.go
@@ -0,0 +1,124 @@
+package securitycenter_test
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+	"github.com/hashicorp/terraform-provider-google/google/acctest"
+	"github.com/hashicorp/terraform-provider-google/google/envvar"
+)
+
+func TestAccSecurityCenterOrganizationBigQueryExportConfig_basic(t *testing.T) {
+	t.Parallel()
+
+	randomSuffix := acctest.RandString(t, 10)
+	dataset_id := "tf_test_" + randomSuffix
+	orgID := envvar.GetTestOrgFromEnv(t)
+
+	context := map[string]interface{}{
+		"org_id":              orgID,
+		"random_suffix":       randomSuffix,
+		"dataset_id":          dataset_id,
+		"big_query_export_id": "tf-test-export-" + randomSuffix,
+		"name": fmt.Sprintf("organizations/%s/bigQueryExports/%s",
+			orgID, "tf-test-export-"+randomSuffix),
+	}
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+		ExternalProviders: map[string]resource.ExternalProvider{
+			"random": {},
+			"time":   {},
+		},
+		Steps: []resource.TestStep{
+			{
+				Config: testAccSecurityCenterOrganizationBigQueryExportConfig_basic(context),
+			},
+			{
+				ResourceName:            "google_scc_organization_scc_big_query_export.default",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"update_time"},
+			},
+			{
+				Config: testAccSecurityCenterOrganizationBigQueryExportConfig_update(context),
+			},
+			{
+				ResourceName:            "google_scc_organization_scc_big_query_export.default",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"update_time"},
+			},
+		},
+	})
+}
+
+func testAccSecurityCenterOrganizationBigQueryExportConfig_basic(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+
+resource "google_bigquery_dataset" "default" {
+  dataset_id                  = "%{dataset_id}"
+  friendly_name               = "test"
+  description                 = "This is a test description"
+  location                    = "US"
+  default_table_expiration_ms = 3600000
+  default_partition_expiration_ms = null
+
+  labels = {
+    env = "default"
+  }
+
+  lifecycle {
+	ignore_changes = [default_partition_expiration_ms]
+  }
+}
+
+resource "time_sleep" "wait_1_minute" {
+	depends_on = [google_bigquery_dataset.default]
+	create_duration = "3m"
+}
+
+resource "google_scc_organization_scc_big_query_export" "default" {
+  big_query_export_id    = "%{big_query_export_id}"
+  organization = "%{org_id}"
+  dataset      = google_bigquery_dataset.default.id
+  description  = "Cloud Security Command Center Findings Big Query Export Config"
+  filter       = "state=\"ACTIVE\" AND NOT mute=\"MUTED\""
+
+  depends_on = [time_sleep.wait_1_minute]
+}
+
+`, context)
+}
+
+func testAccSecurityCenterOrganizationBigQueryExportConfig_update(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+
+resource "google_bigquery_dataset" "default" {
+  dataset_id                  = "%{dataset_id}"
+  friendly_name               = "test"
+  description                 = "This is a test description"
+  location                    = "US"
+  default_table_expiration_ms = 3600000
+  default_partition_expiration_ms = null
+
+  labels = {
+    env = "default"
+  }
+
+  lifecycle {
+	ignore_changes = [default_partition_expiration_ms]
+  }
+}
+
+resource "google_scc_organization_scc_big_query_export" "default" {
+  big_query_export_id    = "%{big_query_export_id}"
+  organization = "%{org_id}"
+  dataset      = google_bigquery_dataset.default.id
+  description  = "SCC Findings Big Query Export Update"
+  filter       = "state=\"ACTIVE\" AND NOT mute=\"MUTED\""
+}
+`, context)
+}
